Post processing of aggregation data for display #4357
Comments
That's actually an interesting idea for a custom field formatter. They're limited to simple things like string formatting and concatenation, but there might be utility in providing a sort of "custom endpoint formatter".
Shame, that's the easiest solution I'd think, easier than building a custom endpoint to query that data. If the event entities data is also in Elasticsearch, you might be able to achieve what you need with parent-child relationships, but I can't say for sure. I'd recommend posting that question over here: https://discuss.elastic.co/c/elasticsearch |
|
I'm going to close this in favor of #4361, which is a proposal for a field formatter implementation that would enable what you're looking for. If you've got additional input, please feel free to comment over there. |
We've been using Kibana 4 for a while now to create dashboards from our event data and we're very happy with it so far. One thing that is kind of a pain though is that we structure our event data with ids representing other entities as opposed to completely denormalizing the related data right onto the event. As such, when we chart things, we end up with a bunch of numbers in the legend instead of the labels for those numbers. It would be nice if there was a good way to resolve those ids to labels after the elasticsearch query has returned data back to the UI, in a sort of post processing step/s. In those steps, if would be good if we could invoke any arbitrary http endpoint/s to get the label data and then replace the ids in the aggregation results with their corresponding labels.
If you can do this in elasticsearch already then let me know how. If it requires me loading the lookup tables into elasticsearch too then I am okay with that. Also, denormalizing the event data structure is currently off the table. I know that works, but we have our reasons for not wanting to do that.
The text was updated successfully, but these errors were encountered: